Gambling Sites Hedging Bets


As Super Bowl weekend approaches, Mickey Richardson, general manager of BetCRIS, an online gambling site based in Costa Rica, readies himself for the action. But there's also a cloud hanging over the profitable Feb. 6 weekend for his and other gambling sites.

An e-mail could come at any moment threatening to take down the site unless $40,000 or more is paid to an anonymous account.

Online gambling was, and still is, an industry ripe for the picking, and extortion attempts like these are fairly common, not just around the Super Bowl. According to gaming analysts River City Group, estimated 2004 revenues for online gambling reached more than $7 billion. About 350 companies run at least 1,700 gaming sites. It's also a largely unregulated industry – many of these companies are headquartered offshore in countries without ample law enforcement resources to pursue hackers thousands of miles away, so the site operators often feel the pressure to pay.

"There's money to be made in extortion," said Jim Slaby, a senior analyst for Yankee Group, a research firm. "These attacks are out of the hands of teenage hackers and firmly into the province of professional criminals. The profit motive drives most of these."

After all, when BetCRIS alone stands to take more than 50,000 individual bets over Super Bowl weekend, what's $40,000?

"People are willing to pay a pretty substantial price to get back online in a couple hours," said Richardson.

But he no longer worries about whether he should pay up.

Prolexic Technologies, launched in January 2004 by a college student based in Sacramento, California, believes it has found the best way to overcome these attacks. The company has quickly racked up online gambling clients, including Richardson, who first worked with Prolexic co-founder and CTO Barrett Lyon to ultimately thwart a Thanksgiving 2003 attack.

"Within 10 minutes, my website was gone," Richardson said. "We got completely tortured down here when we got that first high-level attack." His site was overrun by a complex distributed denial of service, or DDoS, attack and his users couldn't get on the site to place their bets.

To carry out such an attack, a "zombie-bot net" – often thousands of computers from across the globe – is instructed to connect to a website. The bots consist of personal computers compromised by viruses and malicious code that can be remotely controlled by the attackers, who security experts believe are typically based in Russia and Western Europe. The mass of traffic paralyzes a site so legitimate page requests fail to get through. If the site shares the same infrastructure as the company, it can bring down the entire corporate network.

"They really saved our butts down here," said Richardson. "If it wasn't for him, this company would've been ruined. If I didn't find a solution, they (the extortionists) were never going to leave me alone."

"Imagine 50,000 people showed up at your office, and you got 50,000 calls at the same time – you probably wouldn't get much work done," said Prolexic's Lyon. "So we would line up those 50,000 people and interrogate each one. If they (were) illegitimate, we'd shoot them in the head."

Sounds extreme, but Lyon only executes HTTP traffic Prolexic doesn't like. The service redirects all traffic headed at the sites to its three "heavily-fortified" data centers, monitoring and cleaning it as it comes through. Once it enters the data centers, Lyon said, Prolexic's technology creates data flow layers monitored for patterns and specific problems or attacks. This layering gives the company a stream of HTTP traffic it can then inspect using what is commonly known as Deep Packet Inspection.

Lyon also said they take it one step further than most security companies because his is the only system to use its own off-site data centers to filter traffic, allowing them to handle nearly any size DDoS attack. They're also able to view each HTTP stream individually for irregularities.

Slaby at the Yankee Group believes other vendors in the booming "network integrity" space take a similar approach to tracing traffic and Prolexic isn't the only company to successfully defend against DDoS. Arbor Networks has almost cornered the ISP market, thereby allowing ISPs to offer DDoS protection to their enterprise clients directly. Mazu Networks, Radware, Top Layer Networks, Lancope and a slew of others, including the router behemoth Cisco Systems, defend against DDoS at the enterprise network level as well.

Though online gambling operations have been the prime target for DDoS attacks, as well as early adopters of the Prolexic solution, cyber-criminals are moving up the food chain.

In a September 2004 survey of small and medium-size businesses, Yankee found that 11 percent of respondents had been hit with DDoS attacks in the previous 12 months. Security firm Symantec found in its most recent Internet Security Threat Report that e-commerce was the most targeted industry from all types of cyber-attacks. The company also observed a disturbing increase in the number of bots available to attackers, from roughly 2,000 a day in early 2004 to more than 30,000 per day in September. And the CSI/FBI 2004 Computer Crime and Security Survey found that other than viruses, denial of service attacks caused more financial losses than any other cyber-security breach.

"This extortion and DDoS business is growing quite a bit," said Sanjay Raja, director of product marketing for Top Layer, a Prolexic partner. "Interestingly, the number of stories you hear about is very small compared to the actual number of attacks. Few institutions are willing to expose the fact that they've actually been under some sort of attack."

Yankee's Jim Slaby agrees. "As ever in this security space, there's a lot that goes on that never hits the mainstream media," he said. "There's a lot at stake in preventing news of attacks from getting out. The knowledge of a threat alone is enough to drive customers away from a business."

Though Lyon relocated the company to Hollywood, Florida, ostensibly to be closer to his Caribbean client base, he's extremely confident the company can continue expanding beyond the gambling market. Lyon said Prolexic defends some 80 gaming-type companies, including SportingIndex, BetJamaica, eHorse and Canbet. In all, Prolexic handles traffic for more than 6,000 sites, gambling or otherwise, filters roughly four billion legitimate requests and thwarts three DDoS attacks each week.

"The gaming industry was the first niche for attackers," said Lyon. "We've scared away a lot of them, and we're really the only ones up to the challenge."

Over the next two weeks, Prolexic will keep its eyes on its online gambling customers who await the extortion e-mails. Though the site operators can now ignore the threats, the nervousness never completely subsides.

"No matter what happens, when you get that extortion letter, you always have it in the back of your mind," said Richardson at BetCRIS. "I'm always confident, but I certainly don't antagonize the ones who send me the e-mails."